Track active user inside keystore service am: 78daac2ca8
am: f2f820c63d
Change-Id: I237f1e4a13e2f8db5b238506fa255897075d022f
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 9bd76fd..c8a8f84 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -849,6 +849,14 @@
}
}
+ if (!containsTag(params.getParameters(), Tag::USER_ID)) {
+ // Most Java processes don't have access to this tag
+ KeyParameter user_id;
+ user_id.tag = Tag::USER_ID;
+ user_id.f.integer = mActiveUserId;
+ keyCharacteristics.push_back(user_id);
+ }
+
// Write the characteristics:
String8 name8(name);
String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
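Review bot: The `USER_ID` pushed into `keyCharacteristics` is taken from `mActiveUserId`, which is service-wide state set by the last keyguard-dismiss callback, rather than from the `uid` of the request, which appears to be in scope here since it is passed to `getKeyNameForUidWithDir` just below. A key created on behalf of a background user or profile would then be bound to whichever user last unlocked, so any later per-user lock-state enforcement would be evaluated against the wrong user. Consider deriving the value from the caller's `uid`, or at least record the assumption in a comment such as `// Assumes the caller belongs to the foreground user; mActiveUserId only changes on keyguard dismiss`. The same applies to the `opParams` block in the second hunk of this file. The enclosing function starts and ends outside the hunk, so whether a caller-supplied `USER_ID` is validated elsewhere cannot be seen from here.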
@@ -1079,6 +1087,14 @@
String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
AuthorizationSet opParams = params.getParameters();
+ if (!containsTag(params.getParameters(), Tag::USER_ID)) {
+ // Most Java processes don't have access to this tag
+ KeyParameter user_id;
+ user_id.tag = Tag::USER_ID;
+ user_id.f.integer = mActiveUserId;
+ opParams.push_back(user_id);
+ }
+
std::stringstream kcStream;
opParams.Serialize(&kcStream);
if (kcStream.bad()) {
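Review bot: The added block is a copy of the one in the first hunk, differing only in the destination container (`opParams` here, `keyCharacteristics` there). Because these lines decide which user a stored key is bound to, a single private helper that takes the destination set would keep the two sites from drifting apart. The check could also test the copy made on the line above, `if (!containsTag(opParams, Tag::USER_ID)) {`, assuming `containsTag` accepts an `AuthorizationSet`, instead of calling `params.getParameters()` a second time.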
@@ -2234,6 +2250,9 @@
Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
int32_t* aidl_return) {
enforcement_policy.set_device_locked(isShowing, userId);
+ if (!isShowing) {
+ mActiveUserId = userId;
+ }
*aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
return Status::ok();
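Review bot: No caller check is visible between the signature of `onKeyguardVisibilityChanged` and the new assignment, so any client able to reach this binder method could change `mActiveUserId`, which the first two hunks then write into stored key characteristics. If access is not already restricted elsewhere (a binder permission check or SELinux policy, neither shown here), gate this method the same way the service's other privileged entry points are gated. The value is also stored unvalidated; if negative or sentinel user ids can arrive on this call, a guard such as `if (!isShowing && userId >= 0) {` would keep them out of persisted key data. The function's closing brace is outside the hunk.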
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index 8d3f1f2..0056342 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
@@ -39,7 +39,7 @@
public:
explicit KeyStoreService(KeyStore* keyStore)
: mKeyStore(keyStore), mOperationMap(this),
- mConfirmationManager(new ConfirmationManager(this)) {}
+ mConfirmationManager(new ConfirmationManager(this)), mActiveUserId(0) {}
virtual ~KeyStoreService() = default;
void binderDied(const android::wp<android::IBinder>& who);
@@ -300,6 +300,7 @@
android::sp<ConfirmationManager> mConfirmationManager;
keystore::AuthTokenTable mAuthTokenTable;
KeystoreKeymasterEnforcement enforcement_policy;
+ int32_t mActiveUserId;
};
}; // namespace keystore
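Review bot: `mActiveUserId` is a plain `int32_t` that is written in `onKeyguardVisibilityChanged` and read in the two characteristics-writing blocks in key_store_service.cpp, with no lock or atomic visible in this change. If those binder calls can run on different threads, that is an unsynchronised read and write of a value that ends up in persisted key data. The member is also undocumented, and the constructor's initial value of 0 cannot be told apart from a real user 0 before the first keyguard callback arrives. A comment on the declaration would help, for example `// User whose keyguard was last dismissed; set in onKeyguardVisibilityChanged, 0 until the first callback.`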